This patch lets fields declare a 'handler_access' which i a callback to a function which informs whether or not the current user can view a given field. Next, I plan to work on per field access control for CCK. At that point, everyone should see the utility of this patch.
If you want to test this now, take an an active View and add a 'handler_access' element to one of the field's defitions. The value should be any arbitrary function name. Then create that arbitrary function and just do a return FALSE;. After your clear Views cache, you should look at your View and notice that the field is gone.
This patch doesn't attempt to restrict Fields while *editing* a View. At this point, I don't see that as much of a need.
Note that any View that uses an access handler automatically excludes itself from Views caching. Thats how it goes, and is consistent with other fancy Views features.
| Comment | File | Size | Author |
|---|---|---|---|
| #10 | mw.patch | 3.16 KB | moshe weitzman |
| patch_173 | 1.38 KB | moshe weitzman |
Comments
Comment #1
merlinofchaos commentedDoes this really need to invalidate caching? All a cached query will do is return results that will never be rendered, but I don't think that's actually a bad thing. By allowing it to cache we'll slightly reduce the complexity and not impact performance.
Comment #2
merlinofchaos commentedMoshe?
Comment #3
moshe weitzman commentedhmm. you are probably right. i lost some interest in this patch because someone wrote a cck_field_perms module.
Comment #4
merlinofchaos commentedComment #5
moshe weitzman commentedIf we throw out the fields before we build the query we might save some joins. That could be very important considering that the smaller set of fields would likely be more frequently requested than the full "admin" set of fields.
I plan to revive this patch for d6.
Comment #6
merlinofchaos commentedThe current design should make it relatively easy.
Comment #7
karens commentedSubscribe, this is a part of the effort to get field permissions into CCK core.
Comment #8
merlinofchaos commentedI would recommend that this patch do it as part of the init_handlers() method and it could simply call a method on the field. The field could then return true/false for access rights.
Comment #9
moshe weitzman commentedThis patch adds a method whereby fields/sorts/filters/args can check for access. If inaccessible, these elements are tossed aside and not used in the View. As an exampel implementation, this patch adds the users.mail field and protects it to just 'administer users' perm.
After this goes in, I'll work on the CCK side.
Comment #10
moshe weitzman commentedWTF. I swear I uploaded on last post.
One caveat: if Views adds more caching, this feature must be revisited.
Comment #11
karens commentedI was thinking I saw this go in. It got committed in http://drupal.org/cvs?commit=106477. Yay! Thanks!
Comment #12
merlinofchaos commentedOh! I thought I marked the issue fixed! Sorry Moshe! Yes, this went in and can be fully utlized.
MOshe is right, though; we're going to have to revisit this for caching.
Comment #13
Anonymous (not verified) commentedAutomatically closed -- issue fixed for two weeks with no activity.